The current effort for the third generation partnership project (3GPP) long term evolution (LTE) program is to bring new technology, new architecture and new methods related to LTE settings and configurations in order to provide improved spectral efficiency, reduced latency, better utilization of radio resources to bring faster user experiences and richer applications and services with less cost.
The LTE layer 3 (L3) architecture may be considered as an evolution of the existing L3 architecture for a general packet radio service (GPRS) capable wireless transmit/receive unit (WTRU), (i.e., mobile station). LTE defines new mobility management (MM) concepts, (e.g., the concept of tracking areas replacing routing areas), and new MM procedures, (e.g., multiple tracking areas may be allocated in a tracking area update procedure). These new procedures will be described in more detail by new L3 protocols, (e.g., evolved mobility management (EMM)) and evolved session management (ESM)), that will be a part of the LTE non-access stratum (NAS). These new protocol entities are the LTE equivalent of GPRS mobility management (GMM), session management (SM), and the like.
Furthermore, as part of this evolution process, 3GPP will use a different security architecture in LTE than used is in universal mobile telecommunications system (UMTS) and global system for mobile communications (GSM). For the sake of comparison, the UMTS authentication and key agreement (AKA) procedures, (in the packet switched (PS) domain), may be considered to be the baseline for the new LTE procedures. The current UMTS AKA procedures and a brief description of the new LTE security architecture will now be described.
The UMTS AKA and ciphering procedures are spread over multiple protocol layers and use both NAS and radio resource control (RRC) signaling to accomplish their goal. In brief, identification and authentication of a WTRU is accomplished via NAS signaling. Once authentication at a NAS level is accomplished, ciphering and/or integrity protection is activated by the network using a security mode command, which is an RRC message. Once security is activated using the security mode command, the NAS layer in the WTRU first passes a ciphering key (CK) and an integrity key (IK) to the access stratum (AS) using a GMMAS-SECURITY-RESPONSE primitive over the GMMAS service access point (SAP), (defined between the GMM and the AS). The RRC receives these keys and passes them on to the radio link control (RLC) and the medium access control (MAC) using a CRLC-CONFIG primitive, (over the C-SAP between the RRC and RLC) and the CMAC-CONFIG primitive (over the C-SAP between the RRC and MAC). The C-SAP is a service access point for C-plane signaling between the RRC and lower layers. The actual ciphering and integrity protection is usually performed in the RLC, but is performed in the MAC in case of transparent RLC mode traffic. The lower layers, (i.e., MAC/RLC), are responsible for ensuring that messages intended for upper layers, (e.g., L3 NAS messages), have been integrity protected and/or ciphered correctly. If not, the lower layers ignore/drop the message.
For LTE, a radically different architecture for security has been proposed. The main difference is that instead of a single security layer, (i.e., in the MAC/RLC), there are now two levels of security—NAS security and AS security. NAS security terminates in the mobility management entity (MME), (i.e., core network), and the AS security terminates in the base station (i.e., eNode-B). In brief, the AKA procedures are completed in the NAS, the NAS security keys are derived first and upon completion, and the AS security parameters are derived from the NAS keys in a cryptographically separate manner, (i.e., knowledge of AS keys does not allow an attacker to determine the NAS keys). The main rationale for this decision was that in LTE, one might have base stations in vulnerable locations, (e.g., home Node-Bs), and since RRC (and therefore security) is terminated in the base station, this was considered to be a security risk. Hence two levels of security are required.
FIG. 1 shows the structure of a conventional LTE L3 header 100. The first octet of the LTE L3 header 100 includes a transaction identifier or skip indicator field 105 and a protocol discriminator (PD) field 110. The second octet of the LTE L3 header 100 includes a message type field 115. Additional octets of the LTE L3 header 100 may include other information elements 120 as required. As previously described, new L3 protocol entities have been proposed, (e.g., EMM and ESM). However, the current LTE L3 header 100 does not support these new protocols. Specifically, the PD field 110 in the LTE L3 header 100 of FIG. 1 is enhanced to distinguish these new protocols as options.
FIG. 2 shows the PD field 110 of the LTE L3 header 100 of FIG. 1. Referring to FIGS. 1 and 2, the last four bits (4321) of the first octet in the LTE L3 header 100 form the PD field 110, which is used by the routing entity in the MM sub-layer of the NAS to route an L3 message including the LTE L3 header 100 to the appropriate NAS entity, (e.g., MM/GMM/SM currently).
The conventional NAS architecture 300 of a PS-only UMTS WTRU is shown in FIG. 3. The NAS architecture 300 includes a radio access bearer management (RABM) unit 305, a connection management (CM) unit 310, a mobility management (MM) unit 315 and an access stratum (AS) sublayer 320. The RABM unit 305 includes a plurality of radio access bearer (RAB) entities 325, 330 and 335, and an RAB control unit 340. The CM unit 310 includes a session management (SM) unit 345, a GPRS short message service (GSMS) entity 350, and a supplemental service (SS) entity 355. A packet data protocol (PDP) 360 is used as an interface between the CM unit 310 and the MM unit 315. The MM unit 315 includes a GPRS MM (GMM) unit 365 and a PD unit 370. Both the MM unit 315 and the RABM unit 305 interface with the AS sublayer 320, which include a radio resource controller (RRC) 375, a broadcast multicast controller (BMC) 380, and a packet data conversion protocol (PDCP) 385. The AS sublayer 320 provides services to the MM unit 315 and the RABM unit 305. The MM unit 315 provides services to the entities of the CM unit 310.
The RAB control unit 340 adds, modifies, deletes and/or reconfigures the RAB entities 325, 330 and 335. The PD unit 370 is used for routing NAS message information elements (IEs) to various NAS entities. The SM unit 345 provides services to the RABM unit 305 and uses services of the MM unit 315. The GSMS entity 350 is identical to the SMS entity for GPRS services in GSM, except it uses the services from the GMM unit 365. The SS entity 355 is identical to the one for non-GPRS services, except it uses the services from the PS signaling connection. The RABM unit 305 hides the concepts of RABs that can be activated/released while a PDP context is active. If uplink (UL) data in the terminal is to be sent on an RAB (network service access point identifier (NSAPI)) that has been released, the RABM unit 305 will trigger a service request procedure in GMM unit 365.
Usually, NAS message IEs are encoded in type/length/value (TLV) format. As shown in FIG. 4, NAS message IEs belong to one of five types of IEs 405, 410, 415, 420 and 425. As shown in FIG. 4, IE 405 has a type (T) only format, IE 410 has a value (V) only format, IE 415 has a type and value (TV) format, IE 420 has a length and value (LV) format, and IE 425 has a type, length and value (TLV) format. As indicated in FIG. 4, an IE indicator (type) is present in IEs 405, 415 and 425, but is not present in IEs 410 and 420. A length indicator is present in IEs 420 and 425, but is not present in IEs 405, 410 and 415. A value indicator is present in IEs 410, 415, 420 and 425, but is not present in IE 405.
Some of the problems with using the NAS architecture 300 of FIG. 3 is that the new NAS messages proposed do not have any message types defined in order to be identified. Also, some of the expected new NAS IEs have no defined format for their encoding. Furthermore, the NAS entities shown in FIG. 3 do not support security, (i.e., it is difficult to implement security in the LTE NAS using the current NAS architecture).
In addition, in the NAS architecture 300, the ciphering algorithms proposed for LTE are block ciphers, i.e., they work by using the CK and an indication of the length of the protocol data unit (PDU) to be ciphered to generate a keystream block, having a length equal to that of the unciphered PDU. This keystream block is then bitwise added (usually) to the unciphered PDU to generate the ciphered PDU. The procedure is also used at the receiver to generate the identical keystream block for deciphering. This keystream block is then bitwise added to the received ciphered PDU.
In LTE, ciphering of NAS messages has been agreed to. Therefore, the NAS layer has to indicate to the ciphering algorithm the length of the L3 NAS PDU to be ciphered. No functionality exists today for the NAS to do so.
Finally, if relocation of the MME is allowed, then it is possible that during handover an MME relocation may take place. An example of a handover procedure used to carry out the relocation of the MME is shown in FIG. 5. There is currently no procedure defined for the handling of an NAS sequence number (SN) and a hyper frame number (HFN) upon radio link failure and inter-MME handover.